The difference between a legitimate token and a honeypot is often invisible until it’s too late. You buy, the price pumps, you try to sell — and the transaction silently fails. The contract allows buying but blocks selling. Your funds are trapped.
This guide shows you how to run a complete token safety check in under 30 seconds using the Onchain Diary Token Risk API. No API key, no signup — just a curl command.
Why Manual Checking Isn’t Enough
A thorough manual token audit involves:
- Reading the smart contract source code on Etherscan
- Checking for dangerous functions (
selfdestruct,delegatecall, unrestrictedmint) - Verifying liquidity pool lock status
- Analyzing holder distribution for concentration risk
- Cross-referencing community blacklists
That’s 15-30 minutes per token if you know what you’re doing — and you’ll still miss things. The Token Risk API automates all of this in one request.
Step 1: Free Quick Check (No Payment)
Every token query starts with a free tier — risk score, honeypot status, and source verification:
curl -s https://theonchaindiary.com/api/v1/risk/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 | jq .Response:
{
"address": "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
"chain": "ethereum",
"token_name": "USD Coin",
"token_symbol": "USDC",
"score": 0,
"risk_level": "low",
"is_honeypot": false,
"source_verified": true,
"data_sources": ["GoPlus", "Etherscan"],
"tier": "free",
"signals_count": 5,
"upgrade": "Add X-PAYMENT header ($0.02) for full signal breakdown..."
}What to look at:
score: 0— Risk score from 0 (safe) to 100 (critical). Anything above 50 warrants serious caution.is_honeypot: false— The most important field. Iftrue, you can buy but cannot sell.source_verified: true— Contract source code is verified on Etherscan. Unverified contracts are a massive red flag.risk_level— Plain-text label:low,medium,high, orcritical.
Step 2: Full Analysis ($0.02 via x402)
For tokens that pass the free check, the premium tier gives you the complete picture — tax rates, holder concentration, liquidity pool safety, and a risk narrative:
# The API returns 402 with payment instructions
curl -s https://theonchaindiary.com/api/v1/risk/token/0x6982508145454ce325ddbe47a25d4ec3d2311933The 402 response includes the x402 payment scheme. After paying $0.02 in USDC (Base network), you get:
{
"token_name": "Pepe",
"token_symbol": "PEPE",
"score": 15,
"risk_level": "low",
"is_honeypot": false,
"source_verified": true,
"taxes": { "buy_pct": 0, "sell_pct": 0, "transfer_pct": 0 },
"holders": {
"total_count": 210000,
"top_holder_pct": 8.5,
"top_10_pct": 42.3,
"creator_pct": 0.0
},
"liquidity": {
"in_dex": true,
"lp_locked": true,
"lp_holder_count": 12,
"lp_top_holder_pct": 15.2
}
}Reading the Premium Response
Taxes — buy_pct and sell_pct are the most critical fields. A token with sell_pct: 50 takes 50% of your output on every sell. Anything above 10% is suspicious; above 25% is almost certainly a rug pull setup.
Holder concentration — If top_holder_pct exceeds 50%, a single wallet can dump the price to zero. top_10_pct: 42.3 means the top 10 wallets hold 42.3% of supply — moderate but worth watching. Compare against creator_pct — if the deployer still holds a large chunk, they can rug at any time.
Liquidity safety — lp_locked: true means the liquidity pool tokens are locked (typically via Team Finance or UNCX). If lp_locked: false, the team can pull liquidity and exit at any moment.
Step 3: Check on Other Chains
The same token contract might exist on multiple chains with different risk profiles. Add the ?chain= parameter:
# Check on Base
curl -s "https://theonchaindiary.com/api/v1/risk/token/0x...?chain=base"
# Check on Arbitrum
curl -s "https://theonchaindiary.com/api/v1/risk/token/0x...?chain=arbitrum"Supported chains: Ethereum, Base, Arbitrum One, Optimism, Polygon PoS, BNB Smart Chain.
Red Flags Cheat Sheet
| Signal | Free Tier | Premium Tier | Risk Level |
|---|---|---|---|
is_honeypot: true | ✓ | ✓ | Critical — cannot sell |
source_verified: false | ✓ | ✓ | High — code is hidden |
score > 50 | ✓ | ✓ | High — multiple risk signals |
sell_pct > 25 | — | ✓ | High — tax trap |
top_holder_pct > 50 | — | ✓ | High — dump risk |
lp_locked: false | — | ✓ | Medium — rug risk |
creator_pct > 20 | — | ✓ | Medium — deployer controls supply |
Automating Safety Checks
For developers building wallets, aggregators, or trading bots, integrate the API as a pre-swap safety gate:
async function checkTokenSafety(tokenAddress, chain = 'ethereum') {
const url = `https://theonchaindiary.com/api/v1/risk/token/${tokenAddress}?chain=${chain}`;
const res = await fetch(url);
const data = await res.json();
// Hard blocks
if (data.is_honeypot) return { safe: false, reason: 'Honeypot: cannot sell' };
if (!data.source_verified) return { safe: false, reason: 'Unverified source' };
if (data.score >= 75) return { safe: false, reason: `Critical risk score: ${data.score}` };
// Warnings (require premium tier)
if (data.taxes?.sell_pct > 25) return { safe: false, reason: `Sell tax: ${data.taxes.sell_pct}%` };
if (data.holders?.top_holder_pct > 50) return { safe: false, reason: 'Whale concentration risk' };
return { safe: true, data };
}Key Takeaways
- Always check before you swap. The free tier takes 2 seconds and catches honeypots.
- Score is additive. A low score doesn’t mean safe — it means no critical signals were detected. Always check the premium breakdown for tokens you plan to hold.
- Tax analysis is non-negotiable for new tokens. A legitimate token has
sell_pct ≤ 5%. Anything higher is designed to trap buyers. - Liquidity locks matter more than hype. A token with locked LP and moderate concentration is safer than a viral token with unlocked LP.
For the full API reference, see the Developer API documentation. For a deeper dive on how honeypots work mechanically, read our guide on spotting rug pulls and honeypots.